And GitHub revealed in a blog post that this cyber attack at its peak reached an incredible 1.35Tbps.

DDoS Attack

The DDoS attack took place on Wednesday, 28 February, GitHub explained in the blog post. It said its website was completely unavailable, or intermittently unavailable, for a period of just nine minutes.

It seems the attackers carried out the DDoS by “abusing memcached instances”. Memcached is a distributed memory system known for high performance under heavy demand, and it allowed the attackers to hugely amplify the traffic volumes they were firing at GitHub.

The attackers apparently first spoofed GitHub’s IP address and then took control of memcached instances that GitHub said are “inadvertently accessible on the public internet.”

The result was a colossal amount of incoming traffic for GitHub.
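As an added illustration (not code from GitHub's post or from this article), the sketch below shows how a defender could spot this traffic pattern in flow records: many distinct hosts sending large UDP replies from the memcached port to one target. It assumes memcached's default port 11211 over UDP; the record layout, thresholds and addresses are constructed for the example.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port (assumption, not stated on the page)

# Constructed flow records:
# (unix_ts, proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (1000, "udp", "198.51.100.10", 11211, "192.0.2.1", 41000, 900_000_000),
    (1000, "udp", "198.51.100.11", 11211, "192.0.2.1", 41001, 850_000_000),
    (1001, "udp", "198.51.100.12", 11211, "192.0.2.1", 41002, 950_000_000),
    (1001, "tcp", "203.0.113.5", 52044, "192.0.2.1", 443, 40_000),
    (1002, "udp", "203.0.113.9", 53, "192.0.2.2", 33000, 512),
    (1002, "udp", "198.51.100.10", 11211, "192.0.2.2", 40000, 1_400),
]


def detect_memcached_reflection(flows, window_s=10,
                                min_bps=1_000_000_000, min_reflectors=3):
    """Return {dst_ip: {"bps": ..., "reflectors": ...}} for likely targets.

    A target is flagged when, inside one time window, inbound UDP traffic
    sourced from the memcached port exceeds min_bps and comes from at least
    min_reflectors distinct hosts.
    """
    buckets = defaultdict(lambda: {"bytes": 0, "srcs": set()})
    for ts, proto, src, sport, dst, _dport, nbytes in flows:
        # Reflected replies arrive *from* the memcached port over UDP.
        if proto == "udp" and sport == MEMCACHED_PORT:
            bucket = buckets[(dst, ts // window_s)]
            bucket["bytes"] += nbytes
            bucket["srcs"].add(src)

    alerts = {}
    for (dst, _window), bucket in buckets.items():
        bps = bucket["bytes"] * 8 / window_s
        if bps >= min_bps and len(bucket["srcs"]) >= min_reflectors:
            # Keep the worst window seen for each target.
            if dst not in alerts or bps > alerts[dst]["bps"]:
                alerts[dst] = {"bps": bps, "reflectors": len(bucket["srcs"])}
    return alerts


if __name__ == "__main__":
    for target, info in detect_memcached_reflection(SAMPLE_FLOWS).items():
        print(f"{target}: {info['bps'] / 1e9:.2f} Gbps "
              f"from {info['reflectors']} reflectors")
```

A single small reply from port 11211, like the one sent to 192.0.2.2 in the sample, stays below both thresholds and is not flagged.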

But impressively, GitHub’s network monitoring system noticed the ramp-up in incoming traffic, and after the on-call network engineer was called in, the decision was made to immediately bring in the specialists, namely Akamai.

“Given the increase in inbound transit bandwidth to over 100Gbps in one of our facilities, the decision was made to move traffic to Akamai, who could help provide additional edge network capacity,” GitHub blogged.

“At 17:26 UTC the command was initiated via our ChatOps tooling to withdraw BGP announcements over transit providers and announce AS36459 exclusively over our links to Akamai,” GitHub revealed. “Routes reconverged in the next few minutes and access control lists mitigated the attack at their border. Monitoring of transit bandwidth levels and load balancer response codes indicated a full recovery at 17:30 UTC. At 17:34 UTC routes to internet exchanges were withdrawn as a follow-up to shift an additional 40Gbps away from our edge.”

GitHub said that the first portion of the attack peaked at 1.35Tbps and there was a second 400Gbps spike a little after 18:00 UTC.

Other Attacks

DDoS attacks can be highly damaging and outages can last much longer than just nine minutes.